    API10:2023 - Unsafe Consumption of APIs

    Trusting external APIs without validation and isolation introduces supply-chain and integrity risk.

    Why This Category Exists

    Your API may depend on third-party APIs for identity, payments, enrichment, or workflows. Blindly trusting their responses, schemas, and availability lets failures and security incidents in those services cascade into your own platform.

    Common Impact

    • Data integrity issues from untrusted third-party responses.
    • Security bypass through malformed or malicious upstream data.
    • Service disruption when dependent APIs fail or degrade.

    Prevention Checklist

    • Validate and sanitize all inbound data from partner APIs.
    • Use timeouts, retries, circuit breakers, and fallback behavior.
    • Apply least-privilege credentials and network segmentation.
    • Continuously assess third-party API security and change risk.
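    The following is an added example, not code from the guide, showing how the first two checklist items fit together in one client: a strict allowlist validator for a hypothetical partner "enrichment" response (bounded body size, known fields only, exact types and ranges), a per-call timeout with bounded retries, a circuit breaker that opens after repeated failures and admits a single probe once the recovery window has passed, and a fail-closed fallback that is flagged as degraded so callers can tell it apart from a real answer. The endpoint URL, the response schema and the three fake upstreams are constructed for this example; the transport is injected so it runs offline.

```python
import json
import time
from dataclasses import dataclass
from typing import Callable
from urllib.parse import quote

BASE_URL = "https://partner.example/v1/enrich"  # placeholder, not a real service
MAX_BODY_BYTES = 64 * 1024
ALLOWED_FIELDS = {"country", "risk_score"}

class UpstreamError(Exception):
    """Partner data violates our contract (size, shape, type or range)."""

@dataclass
class Enrichment:
    country: str
    risk_score: int
    degraded: bool = False  # True when served from fallback rather than from the partner

def validate_enrichment(raw_body: bytes) -> Enrichment:
    """Allowlist validation: bounded size, known fields only, exact types and ranges."""
    if len(raw_body) > MAX_BODY_BYTES:
        raise UpstreamError("response body exceeds size cap")
    try:
        doc = json.loads(raw_body.decode("utf-8"))
    except (UnicodeDecodeError, ValueError) as exc:
        raise UpstreamError(f"malformed JSON: {exc}") from None
    if not isinstance(doc, dict):
        raise UpstreamError("top-level value is not an object")
    if unknown := set(doc) - ALLOWED_FIELDS:
        raise UpstreamError(f"unexpected fields: {sorted(unknown)}")
    country, score = doc.get("country"), doc.get("risk_score")
    if not (isinstance(country, str) and country.isascii() and country.isalpha()
            and country.isupper() and len(country) == 2):
        raise UpstreamError("country must be a two-letter upper-case ASCII code")
    if isinstance(score, bool) or not isinstance(score, int) or not 0 <= score <= 100:
        raise UpstreamError("risk_score must be an int in [0, 100]")  # bool is an int subclass
    return Enrichment(country=country, risk_score=score)

class CircuitBreaker:
    """Opens after `threshold` straight failures; after `recovery` seconds one probe passes."""
    def __init__(self, threshold: int = 3, recovery: float = 30.0,
                 clock: Callable[[], float] = time.monotonic):
        self.threshold, self.recovery, self.clock = threshold, recovery, clock
        self.failures, self.opened_at = 0, None
    def allow(self) -> bool:
        return self.opened_at is None or self.clock() - self.opened_at >= self.recovery
    def record_success(self) -> None:
        self.failures, self.opened_at = 0, None  # a successful probe closes the circuit
    def record_failure(self) -> None:
        self.failures += 1
        if self.failures >= self.threshold:
            self.opened_at = self.clock()

# Transport hook (url, timeout_seconds) -> raw body, injected so this runs offline; a real one is
# an HTTP client with the timeout applied, TLS verified, redirects off and the body size-capped.
Fetcher = Callable[[str, float], bytes]

class EnrichmentClient:
    def __init__(self, fetch: Fetcher, breaker: CircuitBreaker, timeout: float = 2.0, retries: int = 2):
        self.fetch, self.breaker, self.timeout, self.retries = fetch, breaker, timeout, retries
        self.last_error = ""  # surfaced for logging/alerting on upstream degradation
    def _fallback(self, reason: str) -> Enrichment:
        self.last_error = reason
        return Enrichment(country="ZZ", risk_score=100, degraded=True)  # fail closed: high risk
    def lookup(self, ip: str) -> Enrichment:
        if not self.breaker.allow():
            return self._fallback("circuit open, upstream not called")
        url, reason = f"{BASE_URL}?ip={quote(ip, safe='')}", "no attempt made"
        for _ in range(self.retries + 1):
            try:
                body = self.fetch(url, self.timeout)
            except (TimeoutError, OSError) as exc:
                reason = f"transport failure: {exc}"
                continue  # transient: retry
            try:
                result = validate_enrichment(body)
            except UpstreamError as exc:
                reason = f"rejected upstream data: {exc}"
                break  # bad data will not improve on retry
            self.breaker.record_success()
            return result
        self.breaker.record_failure()
        return self._fallback(reason)

# Constructed fake upstreams standing in for the partner; no network is used.
fake_good = lambda url, timeout: b'{"country": "DE", "risk_score": 12}'
fake_extra_field = lambda url, timeout: b'{"country": "DE", "risk_score": 12, "is_admin": true}'
def fake_timeout(url: str, timeout: float) -> bytes:
    raise TimeoutError(f"no answer within {timeout}s")

def run_scenarios() -> dict:
    clock, ip = {"t": 0.0}, "203.0.113.7"
    breaker = CircuitBreaker(threshold=2, recovery=30.0, clock=lambda: clock["t"])
    good = EnrichmentClient(fake_good, breaker).lookup(ip)
    tampered = EnrichmentClient(fake_extra_field, breaker).lookup(ip)  # failure 1
    timed_out = EnrichmentClient(fake_timeout, breaker).lookup(ip)     # failure 2: circuit opens
    shorted = EnrichmentClient(fake_good, breaker).lookup(ip)          # open: fallback, no upstream call
    clock["t"] = 31.0                                                  # recovery window elapsed
    recovered = EnrichmentClient(fake_good, breaker).lookup(ip)        # half-open probe closes it
    return {"good": good, "tampered": tampered, "timed_out": timed_out, "shorted": shorted,
            "recovered": recovered, "circuit_closed": breaker.opened_at is None}
```

    Two design points worth noting. Validation failures are not retried, because a response that already violates the contract will not get better on the next attempt, but they do count against the breaker, so a partner that starts returning unexpected fields is cut off just like one that stops answering. The fallback is deliberately fail-closed (maximum risk score) and marked degraded; whether that is the right default depends on what the enrichment feeds, and the `last_error` field is there so the degraded path shows up in logs and alerts rather than silently.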